Hi Mike,

> Did you find something that could help us?

You gave the answer basically yourself by considering the very old strongSwan version (which you claimed to be 5.5.3 on both ends in your original mail btw.). If you didn't stop there but e.g. checked the changelog [1] to see since when IKEv2 signature authentication (and thus the use of stronger signature algorithms) has been supported (it's 5.3.0), you'd have realized that you can't restrict the signature algorithm to only SHA-256 during authentication (rightauth) if your peers use such old versions that only support SHA-1.

> The client has the same configuration as the gateway:
>
> ike=aes256-sha256-modp2048,aes256-sha1-modp2048!
> esp=aes256-sha256-modp2048,aes256-sha1-modp2048!

This has absolutely nothing to do with the authentication, where your problem is.

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/roadmap?completed=1&from=5.1.3
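
The distinction drawn in this reply, shown as an added ipsec.conf illustration that is not configuration from the thread: the `ike=`/`esp=` lines are the ones quoted above, while the conn names and the `rightauth` values are assumptions (the thread does not show the original `rightauth` setting), using the hash-constraint syntax from the strongSwan ipsec.conf documentation.

```conf
# Gateway side, constructed example. Conn names are hypothetical.

conn strict-sha256
    keyexchange=ikev2
    # Proposals for the IKE SA and the ESP SA: cipher, integrity/PRF hash
    # and DH group. The "sha256"/"sha1" here protect the tunnel traffic;
    # they do not select the hash used in the peer's AUTH signature.
    ike=aes256-sha256-modp2048,aes256-sha1-modp2048!
    esp=aes256-sha256-modp2048,aes256-sha1-modp2048!
    # Authentication constraint (assumed value): only accept a public-key
    # signature made with SHA-256. A peer older than 5.3.0 has no IKEv2
    # signature authentication, signs with SHA-1, and fails this constraint
    # even though the ike=/esp= proposals match on both ends.
    rightauth=pubkey-sha256

conn legacy-peers
    keyexchange=ikev2
    ike=aes256-sha256-modp2048,aes256-sha1-modp2048!
    esp=aes256-sha256-modp2048,aes256-sha1-modp2048!
    # Assumed value: accept SHA-1 or SHA-256 signatures so that pre-5.3.0
    # peers can authenticate. Tightening this back to SHA-256 only becomes
    # possible once every peer runs 5.3.0 or newer.
    rightauth=pubkey-sha1-sha256
```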